7,014 questions
0
votes
1
answer
21
views
GKE ingress nginx with TLS handshake errors
I have a GKE cluster with Ingress Nginx Controller attached to a Internal Load Balancer in GCP. The TLS termination happens on Ingress side.
I have 2 networks: A and B. Machines from network A are ...
- 3,321
0
votes
0
answers
25
views
How to set server name in kubespawner in jupyterhub notebook in GKE
import json
import os
from kubespawner import KubeSpawner
class CustomKubeSpawner(KubeSpawner):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
def load_config(self):
...
- 43
0
votes
0
answers
45
views
Spring Security DefaultSecurityFilterChain Not Applying BearerTokenAuthenticationFilter When Deployed in GKE
I'm working on a Java Springboot service which is hosted in GKE on the Google Cloud Platform. I'm using OAuth2.0 to authorize requests to the service's endpoints.
Java 17
Springboot 3.2.4
When I run ...
- 1,104
-2
votes
0
answers
17
views
How to have change(updates) to spring cloud config server-git repo, reflect downstream at AKS(ConfigServer->ClientApps) autonomously with no polling? [closed]
How to have change(updates) to spring cloud config server-git repo, reflect downstream at AKS(ConfigServer->ClientApps) autonomously with no polling?
I understand there is refresh polling binding ...
0
votes
1
answer
57
views
How to fetch secret values for K8s environment variables using GCP Secret Store CSI Driver
I have a requirement to fetch secrets stored in GCP Secret Manager and use them in my GKE Kubernetes pods. I am using the GCP Secret Store CSI driver to achieve this. While I am able to successfully ...
- 95
-1
votes
0
answers
16
views
GKE Cluster Nodepool with Custom Debian OS [closed]
Is there any way we can start custom OS image with gke cluster nodepool ?
- 1
0
votes
0
answers
42
views
GKE tries to reserve static IP that already exists which results in ERRORS
We are encountering a constant errors about creation of the static IP address.
What we've done is:
With the usage of Terraform we have reserved a static IP address.
Then we have deployed the emissary ...
- 81
0
votes
0
answers
37
views
Google cloud build failing while running apply deploy steps
I am using Google cloud build for the first time to deploy to GKE. The first time i ran the triggers, It ran well, when i tried running it again, Its failing on the apply steps.
Below is the error ...
- 103
0
votes
1
answer
68
views
Manage terminationGracePeriodSeconds over 600 seconds
I'm using an autopilot cluster and have some workloads that can't be stopped under 10 minutes. I would like to set a termination grace period to X hours/days to prevent any interruption.
When I set ...
- 637
0
votes
0
answers
38
views
How to allocate a GPU for snakemake 8 execution on GKE
I'm trying to execute snakemake 8 on a GKE GPU node pool however the resource parameters in the docs don't appear to trigger any kind of autoscaling through Kubernetes.
According to the docs there are ...
- 538
0
votes
1
answer
87
views
How to change PV storageClass of Strimzi kafka cluster
I am new at Strimzi and want to get some advice
We have kafka cluster in GKE. It is deployed with Strimzi and
we have it on all stands including prod env.
Our configuration of PVC that used by
kafka:
...
0
votes
1
answer
65
views
How to use a Classic Google Managed certificate in a GKE ingress to generate https in load balancer
I have a Google Managed certificate which I am trying to use in my ingress, but it is not generating the HTTPS for the load balancer. Note that the managed certificate is showing under the Classic ...
- 67k
1
vote
1
answer
35
views
Deploying pods to second cluster
I'm new to GKE and currently exploring the cluster. My problem is I have two clusters set up Cluster 1 and Cluster 2. Every time I try to deploy pods using my pod.yaml file, the pods always end up ...
- 42
0
votes
1
answer
43
views
Using catalina_globalrequestprocessor_requestcount over time as a metric for custom metric HPA
Is there a way to use catalina_globalrequestprocessor_requestcount metric (or another MBean metric) to track requests as a rate (e.g., requests per second) for use with HPA?
Background
We're using an ...
- 27k
0
votes
1
answer
122
views
Keycloak Setup Issues: Works with localhost but not with Domain Name
I'm currently working on deploying Keycloak using a StatefulSet in a GKE cluster. I've set up a load balancer service to expose Keycloak, but I'm facing issues accessing Keycloak with my domain name. ...
- 75
0
votes
0
answers
67
views
Unable to disable the readonly kubelet port in GKE
I've tried to follow this guide in accordance with the email that we have received about the unsecure readonly port exposed by kubelet.
The script I used is pasted below:
#!/bin/bash
echo Please ...
- 1,783
0
votes
1
answer
76
views
Unable Spawn new notebook using Custom Kubespawner in Jupyterhub
I am facing an issue in spawning new pod with jupyterhub using custom kubespawner. Below is my custom_kubespawner.py file
import json
import os
from kubespawner import KubeSpawner
class CustomSpawner(...
- 43
0
votes
2
answers
101
views
Running gcloud from a pod in Kubernetes
I have a cronjob that uses a service account to assume an IAM role to auth to GCP account. However, I can't fully use the K8s service account for it for gcloud command.
apiVersion: v1
kind: ...
- 1,243
0
votes
1
answer
32
views
Error when using an external provider for mutation with gatekeeper
I am using version 3.17.1 of gatekeeper on my GKE cluster. I am using an "Assign" to mutate image containers to my desired image. I am using an external provider for that. My external ...
- 11
0
votes
0
answers
23
views
Working without setting memory limit in GKE Pods
We recently tried removing CPU and memory limit on pod and it gave better performance than with limit. The Pod is running java service with max heap set to 40G but non-heap use goes till 15 GB (memory ...
0
votes
1
answer
119
views
How to get disk metrics in GCP by filtering on a custom label?
I am running a GKE cluster and I have a statefulset that uses dynamically provisioned persistent disks.
I want to create a dashboard widget where I can see the disk[write|read] operations/throughput ...
- 1,260
0
votes
0
answers
40
views
Google Cloud - Quota limit hit while nothing is running in a Project
something weird's going on with a recent project I created on GCP.
Yesterday for some reason the CPU usage was reported spiking to 12 units, which is the maximum configured "CPU (all regions)&...
- 229
0
votes
1
answer
31
views
Strmzi 0.26.0 on GKE (version - 1.30.5-gke.1014001) - poddisruptionbudgets not found
we have Strimzi 0.26.0 deployed on GKE (version - 1.30.5-gke.1014001)
resources - Kafka, KafkaBrodge, KafkaUser are now showing error due to - poddisruptionbudgets not found
kubectl describe kafka ...
- 1,063
0
votes
1
answer
62
views
How can I set up secrets with GKE?
I have a .env file of many of the secrets used in a python container running on GKE, but os.getenv() always returns None. Is it possible to load these secrets into GKE, where they can be accessed by ...
1
vote
1
answer
43
views
How can I add a tmpfs mount to a GKE cluster?
I have little experience with GKE but I need to deploy an ephemeral tmpfs mount to my cluster. It does not need to be shared, just a file system to interact with temporarily. How can I do this in the ...
0
votes
2
answers
125
views
GKE Ingress for Cloud Run
Is there a way how can I please configure Ingress to have both GKE + Cloud Run? Like at this picture from Google Cloud Tech YT video?
Or how they achieve that? Is it from GKE Gateway or Cloud Deploy? ...
- 53
0
votes
1
answer
73
views
Enabling GKE API on Shared VPC Host project
Today I faced an error while setting up a GKE cluster in a Shared VPC network.
│ Error: googleapi: Error 400: Failed precondition when calling the ServiceConsumerManager:
tenantmanager::XXXXXX: com....
- 10.7k
0
votes
0
answers
22
views
On GKE with Workload Identity, is it possible to specify the K8s Service Account?
In a GKE Pod using Workload Identity, as far as I can tell, only the Pod's Service Account (from the PodSpec.serviceAccountName property) is used. Presumably, by using /run/secrets/kubernetes.io/...
0
votes
1
answer
106
views
How to access a GKE internal Knative service from a VM in the same VPC
I have a GKE autopilot private cluster (running in a fleet) with the CloudRun (i.e. Knative) feature enabled.
I followed https://cloud.google.com/kubernetes-engine/enterprise/knative-serving/docs/...
- 352
0
votes
0
answers
57
views
Null cluster workload name when querying for compute engine cost
When querying for Compute Engine costs I get one record with a null workload name.
What services besides k8s consume Compute Engine or maybe there is an unnamed workload in k8s?
How do I further ...
- 1,307
-1
votes
1
answer
53
views
Apache Spark on k8s (GKE) - files copied to /opt/spark/work-dir not showing up in deployment
I've have Apache Spark deployed on kubernetes (GKE), and I've created a Docker image with the required files copied to location -> /opt/spark/work-dir
When i logon to the Docker image, I can see ...
- 1,063
0
votes
1
answer
107
views
Grant service account access to a single cluster within a project
Use case
We have a test-only cluster that we want to use as part of a Github Actions pipeline. We want the pipeline to be able to do pretty much whatever it likes within the cluster - create/delete ...
- 885
0
votes
0
answers
15
views
Deployed node.js app to GKE with Deployment produsing errors errorInfoMetadata: { permission: 'logging.logEntries.create' }"
GKE node-pool created with custom service account and enabled roles/logging.writer permissions.
But kubernetes deployment logs show an error:
note: 'Exception occurred in retry method that was not ...
0
votes
1
answer
78
views
Restarting Superset in GCS Kubernetes after changing setting
How do I get the changed settings to take effect on Google cloud marketplace deployed Apache Superset ?
I suppose I would need to restart at least the pod, but beter might be to restart the whole ...
- 2,366
0
votes
1
answer
106
views
GKE : Unable to see "logs" or "exec" in pod for autopilot private cluster
Cluster Architecture:
Private autopilot cluster with no external endpoint
For connecting to api-server, using jump-host, which only is a way to connect to cluster and run kubectl commands.
below is ...
- 2,415
0
votes
0
answers
33
views
Usernamespace support in GKE 1.30
I am no GKE 1.30, trying to create a pod with usernamspace using hostUsers:false, but GKE is ignoring it and creating the POD with actual host root user.
Is usernamspace support is enabled with GKE 1....
1
vote
0
answers
63
views
GKE Ingress not accepting "Certificates" but only "Classic Certificates"
How do i map a certificate in GCP Managed Certificates "Certificates" to a LB through GKE Ingress yaml?
I have a 3rd party that is provisioning certificates to the "Certificates" ...
- 966
0
votes
2
answers
364
views
Using custom N2D machine type for GKE node auto provisioning
I am using GKE 1.29 cluster with cluster autoscaler and node autoprovisioning. As of now I am using the N2D machine type for my GKE workloads, and there I am using the n2d-standard-4 machine type ...
0
votes
0
answers
27
views
Error on kubernetes deployment using ingress with domain and tls
I was creating a deployment in kubernetes using ingress with domain and tls
my application is simple currency convertor which is using external api in the backend to convert the currency after the ...
0
votes
1
answer
78
views
GKE Autopilot Stateful set - not scaling
I have created a GKE Autopilot cluster however when I create a stateful set with 3 replicas I am getting the following error
FailedScheduling 77s (x3 over 11m) gke.io/optimize-utilization-scheduler ...
- 15
0
votes
0
answers
18
views
Remove - "default-fake-certificate.pem: from GKE K8s ingress controller
My current setup include - ingressController with ingress on GKE k8s cluster.
The issue is self signed certificate is getting served instead of correct certificates.
After debugging looks like default ...
- 923
0
votes
1
answer
51
views
How do I path rewrite with ingress on GCP external load balancer?
I have an ingress on GCP that routes requests with prefix /api to a backend service, how do rewrite the path to discard the /api prefix? For example, route a request /api/book to /book on the backend ...
- 11.7k
0
votes
0
answers
32
views
Unable to use knative with GKE ingress
I am currently checking how to do the following:
I want to deploy an app on a Google Kubernetes Engine.
This app runs perfectly fine.
Now I want to deploy it via knative with net-kourier.
The Service ...
- 1
1
vote
0
answers
43
views
no matches for kind "K8sHorizontalPodAutoscaler" in version "constraints.gatekeeper.sh/v1beta1" ensure CRDs are installed first
I have been working around the GKE policy controller lately, and while applying the HPA policy as per this. I am getting the error
error: resource mapping not found for name: "horizontal-pod-...
- 855
0
votes
1
answer
67
views
database connection URI string for GCP cloudsql postgres database?
What is the format for database connection URI string for a GCP cloudsql postgres database. The instance only has private access and the connection URI string is needed for a workload running on GKE ...
- 53
0
votes
0
answers
24
views
Does BiqQuery and Cloud Endpoints (ESP) on GCP work with Workload Identity?
I have an authenticated workload running on my GKE cluster that is using workload identity.
I can confirm that workload identity engages correctly using the service account, because the secrets-store ...
0
votes
0
answers
38
views
GKE notifications to gchat room via pub/sub and cloud function not working
I am wanting to enable GKE notification events to be sent to a gchat room, the documentation for this specifically is non existent, only references slack via a webhook url, however, I am using a ...
- 131
0
votes
0
answers
108
views
How do I configure Workload Identity for Composer 3 (GCP)
I am attempting to follow the documentation found here to enable the KubernetesPodOperator within DAGs running on a Composer 3 Environment. I have done this for Composer 2 and we are looking to ...
- 415
0
votes
0
answers
16
views
GKE Ingress Controller - Traffic Routing to Pods
I am trying to configure healthcheck with GKE Ingress Controller + Application Loadbalancer, but having issues as my health/status ports is not exposed as a Kubernetes's Service (due to the sensitive ...
0
votes
0
answers
63
views
How to create GKE node pool using another subnetwork?
I have a GKE cluster with two node pools. In this cluster, I am using only one subnetwork (US) with the range 10.100.100.0/24, and all 254 IP addresses are in use because I am also using this ...
- 315